package com.qf.shiro2202day02.user.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/order")
public class OrderController {
    @GetMapping("/manager")
    public String manager() {
        Subject subject = SecurityUtils.getSubject();

        if (subject.hasRole("admin")) {
            if (subject.isPermitted("order:manager")) {
                System.out.println("当前用户有admin角色");
                return "redirect:/order.html";
            }else {
                System.out.println("当前用户没有权限");
                return "redirect:/error.html";
            }

        } else {
            System.out.println("当前用户没有admin角色");
            return "redirect:/error.html";
        }

    }
}
